Pentester Application Security Team

Job Description

Hi there!
We are Semrush a global IT company developing our own product a platform for digital marketers. New stars are born here so dont miss your chance.
This is our

Pentester role for those who strive to implement functional processes and drive them to full completion.

Tasks in the role

Join Semrushs Security Team renowned for its cuttingedge approach to application security. As an Application Security Pentester you will play a crucial role in enhancing our teams capacity to conduct security audits efficiently during the release processes. Your expertise will help maintain the speed and quality of our software releases by proactively identifying and mitigating security vulnerabilities.

• Conduct thorough penetration tests on web applications APIs and other software components to uncover security vulnerabilities
• Identify analyze and prioritize security vulnerabilities providing detailed recommendations for remediation
• Create and maintain custom scripts and tools to automate and streamline security testing procedures
• Keep abreast of the latest security threats vulnerabilities and industry trends to ensure proactive defense measures
• Participate in research internal and external events (CTFs meetups) and training to continually enhance the teams capabilities

Requirements

Who we are looking for

• Deep knowledge of common vulnerabilities as outlined in standard awareness documents like the OWASP Top 10
• Ability to read and understand code in languages like Golang Java or Python to identify security flaws
• Familiarity with cloud environments and related security considerations
• Strong problemsolving skills with attention to detail in identifying and analyzing security issues

Not required but a plus

• Certifications such as OSCP OSWE GWAPT or other relevant credentials in the field of security
• Experience with automating security tests in CI/CD pipelines using tools like GitLab/GitHub CI/CD and YAML configurations
• Active participation in security communities conferences or events demonstrating a commitment to the field
• Proficiency in scripting languages (e.g. Python Bash) to automate routine tasks and enhance testing efficiency
• You share our common values: Trust as we prefer to speak up and be our true selves; Sense of Ownership as its not worth wasting time on something you dont believe in; and enthusiasm for Constant Change as we are always looking to make things better

A bit about the team

You can get to know the team better at one of the interviews but some brief information about future colleagues will be useful now.

We are an actively growing security team using modern security approaches and tools. We are proud of the high level of responsibility and results of our work. It motivates us to grow and contribute more to the companys success!

Semrush Security Department contains:

• Application Security Team
• Infrastructure Security Team
• Common Flow & Compliance Team

As Semrush continues to grow so does our demand for simplifying and automating workflows to meet the needs of our internal teams partners and external users.

The Semrush Security Department is a strong team. The famous security researcher and other talented guys are with us.

We speak at hold internal and external events ( meetups) do work and train employees on how to find vulnerabilities and defend against them.

The Application Security Team is working on complex and multilayer software products. As a member of AppSec you will also be able to participate in building secure software development processes. We are not limited to basic workflows such as DAST and SAST; we focus our efforts on scalable investments in our engineering ecosystem to identify and drive highimpact security initiatives.

We are hiring for a security partner role to support product development at Semrush. In this role you will work closely with engineering teams building edge services platform features and backend infrastructure.

We are looking for security engineers who can be the voice of security in the defensive initiatives and identify the right security investments to help us build strong security processes.

We will try to create all the right conditions for you to work and rest comfortably

• This offer stands for the hybrid work format: some days you work from the office and some #wfh.
• Flexible working day start
• Unlimited PTO
• Hobby benefit
• Breakfast snacks and coffee at the office
• Corporate events
• Training courses conferences
• Gifts for employees

Finally a little more about our company

Semrush is a leading online visibility management SaaS platform that enables businesses globally to run search engine optimization payperclick content social media and competitive research campaigns and get measurable results from online marketing.
Weve been developing our product for 16 years and have been awarded G2s Top 100 Software Products Global and US Search Awards 2021 Great Place to Work Certification Deloitte Technology Fast 500 and many more. In March 2021 Semrush went public and started trading on the NYSE with the SEMR ticker.

users in America Europe Asia and Australia have already tried Semrush and over 1000 people around the world are working on its development. The Semrush team is constantly growing.

Our new colleague we are waiting for you!
Semrush is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based upon race religion creed color national origin sex pregnancy sexual orientation gender identity gender expression age ancestry physical or mental disability or medical condition including medical characteristics genetic identity marital status military service or any other classification protected by applicable local state or federal laws. All employment decisions are based on business needs job requirements merit and individual qualifications.